[asterisk-users] Security - What inbound variables can attackers populate or use when calling?
jwexler at mail.usa.com
jwexler at mail.usa.com
Fri Aug 6 01:08:18 CDT 2010
I am setting filters, etc. on variables that attackers can send asterisk
when they call (for example when they initially call into asterisk).
So far, I am filtering:
exten
CALLERID(name)
CALLERID(num)
What other fields or variables would an attacker be able to use in the
packets that they send when placing the call to asterisk?
Further, I am assuming that in the case that an attacker, first, simply
dials in normally and then after reaching voice prompts or other, starts
his/her attack, then all I need to filter in that case is exten. Anything
else here as well?
Thanks!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100806/d753a889/attachment.htm
More information about the asterisk-users
mailing list